pmirror: Add option --unix-socket #109

Merged
merged 1 commit into from
Dec 16, 2019

Commits on Dec 16, 2019

  1. pmirror: Add option --unix-socket

    Currently the sender (master) and the receiver (slave) establish a
    separate TCP connection for the file data. This requires that the
    master can connect to a random TCP port which the slave creates, which
    might not be possible if the systems are separated by a firewall.
    
    We can ask ssh to forward another TCP connection, but we'd need to
    define the port number from the master, not knowing which ports are free
    on the slave. The port namespace is very limited, so collisions are not
    unlikely. To avoid that, we use the ability of ssh to use AF_UNIX
    sockets for a forwarded channel. These have a much bigger namespace, so
    collisions can be better avoided.
    
    Add an option --unix-socket to use an ssh channel for the data connection.
    Use /tmp/pmirror_USER_NNNNN as the default socket name, where USER is
    the username (on the master) and NNNNN is a 5-digit random value. This
    can be overwritten with --unix-socket-name=PATH. The same name is used
    on the master and on the server. The name is removed immediately after
    the data channel is established to reduce the time frame for
    collisions.
    
    Unlike the TCP based data channel, the unix-socket based data channel is
    forwarded by ssh and so is encrypted.
    
    Usage:
    
    If your systems are separated by a firewall or you want encryption on
    the data channel, add --unix-socket to the pmirror command line.
    donald committed Dec 16, 2019
    ca4337b
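
The socket-name lifecycle the commit message describes, as an added example that is not pmirror's code and does not involve ssh: a name in the pmirror_USER_NNNNN scheme is bound, a second bind to it is refused, and the name is removed once the connection is accepted while the connection keeps working. The function names, the `demo` user, the temporary directory standing in for /tmp and the use of Python's `secrets` for the random digits are assumptions of this sketch.

```python
import errno
import os
import secrets
import socket
import tempfile


def socket_name(directory, user):
    """Name in the commit message's scheme: pmirror_USER_NNNNN (5 random digits)."""
    return os.path.join(directory, f"pmirror_{user}_{secrets.randbelow(100000):05d}")


def data_channel_demo(directory, user="demo"):
    """Return (collision_detected, name_removed, payload_received)."""
    path = socket_name(directory, user)
    listener = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    listener.bind(path)  # creates the filesystem name
    listener.listen(1)

    # A second bind to the same name fails instead of sharing the socket.
    other = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        other.bind(path)
        collision_detected = False
    except OSError as exc:
        collision_detected = exc.errno == errno.EADDRINUSE
    finally:
        other.close()

    client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    client.connect(path)
    conn, _ = listener.accept()

    # Channel is established: drop the name and the listener right away.
    os.unlink(path)
    listener.close()
    name_removed = not os.path.exists(path)

    # The established connection does not depend on the name any more.
    client.sendall(b"file data")
    client.shutdown(socket.SHUT_WR)
    payload = conn.recv(1024)
    conn.close()
    client.close()
    return collision_detected, name_removed, payload


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo_dir:  # constructed stand-in for /tmp
        print(data_channel_demo(demo_dir))
```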